package cloud.coop;

import io.confluent.cloud.rbac.CloudScope;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.entities.ResourcesRequest;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.rbacapi.services.FeatureConfigurationService;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.Scope;
import io.confluent.testing.TestIndependenceUtil;
import java.io.IOException;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import org.apache.kafka.common.resource.PatternType;
import org.jetbrains.annotations.NotNull;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.Test;
import parity.coop.ParityTestBase;
import retrofit2.Response;
import utils.MdsTestUtil;
import utils.RoleCrudUtil;

@Test
/* loaded from: input_file:cloud/coop/V2Alpha1CloudRoleBindingLimitTest.class */
public class V2Alpha1CloudRoleBindingLimitTest extends ParityTestBase {
    @AfterMethod
    public void resetMockFeatureConfigurationService() {
        ((FeatureConfigurationService) Mockito.doReturn(false).when(getFeatureConfigurationService())).isRbacLimitsEnable();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Test
    public void testCreateTooManyCloudRoleBindingsWithoutRbacQuotasFeature() throws Exception {
        String uniquify = TestIndependenceUtil.uniquify("org");
        Object[] objArr = {new Object[]{"u-org", "OrganizationAdmin", CloudScope.organizationScope(uniquify), null}, new Object[]{"u-env", "EnvironmentAdmin", CloudScope.envScope(uniquify, "env-1"), null}, new Object[]{"u-cluster", "CloudClusterAdmin", CloudScope.cloudClusterScope(uniquify, "env-1", "lkc-abc"), null}, new Object[]{"u-ro", "ResourceOwner", CloudScope.kafkaScope(uniquify, "env-1", "lkc-abc"), Collections.singletonList(new ResourcePattern("Topic", "topic1", PatternType.LITERAL))}};
        MdsScope mdsScope = new MdsScope(CloudScope.envScope(uniquify, "env-1"));
        V2RbacRestApi orgAdminClient = getOrgAdminClient(uniquify);
        for (int i = 1; i < 1000; i++) {
            Object[] objArr2 = objArr[i % objArr.length];
            checkCreate(orgAdminClient, 204, (String) objArr2[0], (String) objArr2[1], (Scope) objArr2[2], (List) objArr2[3]);
        }
        for (int i2 = 0; i2 < objArr.length; i2++) {
            Object[] objArr3 = objArr[i2 % objArr.length];
            checkCreate(orgAdminClient, 402, (String) objArr3[0], (String) objArr3[1], (Scope) objArr3[2], (List) objArr3[3]);
        }
        int i3 = 0;
        Response execute = orgAdminClient.getPrincipalsWithRole("EnvironmentAdmin", mdsScope).execute();
        Assert.assertTrue(execute.isSuccessful());
        Iterator it = ((List) execute.body()).iterator();
        while (it.hasNext()) {
            Assert.assertTrue(orgAdminClient.removeRoleForPrincipal((String) it.next(), "EnvironmentAdmin", mdsScope).execute().isSuccessful());
            i3++;
            if (i3 >= 50) {
                break;
            }
        }
        for (int i4 = 0; i4 < i3; i4++) {
            Object[] objArr4 = objArr[i4 % objArr.length];
            checkCreate(orgAdminClient, 204, (String) objArr4[0], (String) objArr4[1], (Scope) objArr4[2], (List) objArr4[3]);
        }
        for (int i5 = 0; i5 < objArr.length; i5++) {
            Object[] objArr5 = objArr[i5 % objArr.length];
            checkCreate(orgAdminClient, 402, (String) objArr5[0], (String) objArr5[1], (Scope) objArr5[2], (List) objArr5[3]);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Test
    public void testCreateTooManyCloudRoleBindingsWithRbacQuotasFeature() throws Exception {
        ((FeatureConfigurationService) Mockito.doReturn(true).when(getFeatureConfigurationService())).isRbacLimitsEnable();
        String uniquify = TestIndependenceUtil.uniquify("org");
        Object[] objArr = {new Object[]{"u-org", "OrganizationAdmin", CloudScope.organizationScope(uniquify), null}, new Object[]{"u-env", "EnvironmentAdmin", CloudScope.envScope(uniquify, "env-2"), null}};
        Object[] objArr2 = {new Object[]{"u-cluster", "CloudClusterAdmin", CloudScope.cloudClusterScope(uniquify, "env-2", "lkc-abc"), null}, new Object[]{"u-ro", "ResourceOwner", CloudScope.kafkaScope(uniquify, "env-2", "lkc-abc"), Collections.singletonList(new ResourcePattern("Topic", "topic1", PatternType.LITERAL))}, new Object[]{"u-dr", "DeveloperRead", CloudScope.kafkaScope(uniquify, "env-2", "lkc-abc"), Collections.singletonList(new ResourcePattern("Topic", "topic1", PatternType.LITERAL))}};
        MdsScope mdsScope = new MdsScope(CloudScope.envScope(uniquify, "env-1"));
        V2RbacRestApi orgAdminClient = getOrgAdminClient(uniquify);
        System.out.println("Starting test org/env scope");
        for (int i = 1; i < 1000; i++) {
            Object[] objArr3 = objArr[i % objArr.length];
            checkCreate(orgAdminClient, 204, (String) objArr3[0], (String) objArr3[1], (Scope) objArr3[2], (List) objArr3[3]);
        }
        for (int i2 = 0; i2 < objArr.length; i2++) {
            Object[] objArr4 = objArr[i2 % objArr.length];
            checkCreate(orgAdminClient, 402, (String) objArr4[0], (String) objArr4[1], (Scope) objArr4[2], (List) objArr4[3]);
        }
        int i3 = 0;
        Response execute = orgAdminClient.getPrincipalsWithRole("EnvironmentAdmin", mdsScope).execute();
        Assert.assertTrue(execute.isSuccessful());
        Iterator it = ((List) execute.body()).iterator();
        while (it.hasNext()) {
            Assert.assertTrue(orgAdminClient.removeRoleForPrincipal((String) it.next(), "EnvironmentAdmin", mdsScope).execute().isSuccessful());
            i3++;
            if (i3 >= 50) {
                break;
            }
        }
        for (int i4 = 0; i4 < i3; i4++) {
            Object[] objArr5 = objArr[i4 % objArr.length];
            checkCreate(orgAdminClient, 204, (String) objArr5[0], (String) objArr5[1], (Scope) objArr5[2], (List) objArr5[3]);
        }
        for (int i5 = 0; i5 < objArr.length; i5++) {
            Object[] objArr6 = objArr[i5 % objArr.length];
            checkCreate(orgAdminClient, 402, (String) objArr6[0], (String) objArr6[1], (Scope) objArr6[2], (List) objArr6[3]);
        }
        System.out.println("Starting test org/env/cloudcluster scope");
        for (int i6 = 0; i6 < 500; i6++) {
            Object[] objArr7 = objArr2[i6 % objArr2.length];
            checkCreate(orgAdminClient, 204, (String) objArr7[0], (String) objArr7[1], (Scope) objArr7[2], (List) objArr7[3]);
        }
        for (int i7 = 0; i7 < objArr2.length; i7++) {
            Object[] objArr8 = objArr2[i7 % objArr2.length];
            checkCreate(orgAdminClient, 402, (String) objArr8[0], (String) objArr8[1], (Scope) objArr8[2], (List) objArr8[3]);
        }
        int i8 = 0;
        Response execute2 = orgAdminClient.getPrincipalsWithRole("DeveloperRead", mdsScope).execute();
        Assert.assertTrue(execute2.isSuccessful());
        Iterator it2 = ((List) execute2.body()).iterator();
        while (it2.hasNext()) {
            Assert.assertTrue(orgAdminClient.removeRoleForPrincipal((String) it2.next(), "DeveloperRead", mdsScope).execute().isSuccessful());
            i8++;
            if (i8 >= 10) {
                break;
            }
        }
        for (int i9 = 0; i9 < i8; i9++) {
            Object[] objArr9 = objArr2[i9 % objArr2.length];
            checkCreate(orgAdminClient, 204, (String) objArr9[0], (String) objArr9[1], (Scope) objArr9[2], (List) objArr9[3]);
        }
    }

    @Test
    public void testCreateTooManyCloudRoleBindingsResourcesWithoutQuotasFeature() throws Exception {
        createTooManyCloudRoleBindingsResourcesTest(1000);
    }

    @Test
    public void testCreateTooManyCloudRoleBindingsResourcesWithQuotasFeature() throws Exception {
        ((FeatureConfigurationService) Mockito.doReturn(true).when(getFeatureConfigurationService())).isRbacLimitsEnable();
        createTooManyCloudRoleBindingsResourcesTest(500);
    }

    private void createTooManyCloudRoleBindingsResourcesTest(int i) throws Exception {
        String uniquify = TestIndependenceUtil.uniquify("org");
        Scope kafkaScope = CloudScope.kafkaScope(uniquify, "env-1", "lkc-abc");
        MdsScope mdsScope = new MdsScope(kafkaScope);
        V2RbacRestApi orgAdminClient = getOrgAdminClient(uniquify);
        List<ResourcePattern> list = (List) IntStream.range(0, (i / 3) + 1).mapToObj(i2 -> {
            return new ResourcePattern("Topic", "topic" + i2, PatternType.LITERAL);
        }).collect(Collectors.toList());
        checkCreate(orgAdminClient, 204, "u-ro", "ResourceOwner", kafkaScope, list);
        Assert.assertEquals(((List) orgAdminClient.getPrincipalsWithRole("ResourceOwner", mdsScope).execute().body()).size(), 1);
        checkCreate(orgAdminClient, 204, "u-ro", "ResourceOwner", kafkaScope, list);
        Assert.assertEquals(((List) orgAdminClient.getPrincipalsWithRole("ResourceOwner", mdsScope).execute().body()).size(), 2);
        checkCreate(orgAdminClient, 402, "u-ro", "ResourceOwner", kafkaScope, list);
        Assert.assertEquals(((List) orgAdminClient.getPrincipalsWithRole("ResourceOwner", mdsScope).execute().body()).size(), 2);
        Response execute = orgAdminClient.getPrincipalsWithRole("ResourceOwner", mdsScope).execute();
        Assert.assertTrue(execute.isSuccessful());
        Assert.assertEquals(((List) execute.body()).size(), 2);
        String str = (String) ((List) execute.body()).get(0);
        Response execute2 = orgAdminClient.getRoleResourcesForPrincipal(str, "ResourceOwner", mdsScope).execute();
        Assert.assertTrue(execute2.isSuccessful());
        Assert.assertTrue(((List) execute2.body()).size() > 3);
        Assert.assertTrue(orgAdminClient.removeRoleResourcesForPrincipal(str, "ResourceOwner", new ResourcesRequest(mdsScope, ((List) execute2.body()).subList(0, 3))).execute().isSuccessful());
        checkCreate(orgAdminClient, 204, "u-ro", "ResourceOwner", kafkaScope, list);
        Assert.assertEquals(((List) orgAdminClient.getPrincipalsWithRole("ResourceOwner", mdsScope).execute().body()).size(), 3);
        checkCreate(orgAdminClient, 402, "u-ro", "ResourceOwner", kafkaScope, list);
        Assert.assertEquals(((List) orgAdminClient.getPrincipalsWithRole("ResourceOwner", mdsScope).execute().body()).size(), 3);
    }

    @NotNull
    private V2RbacRestApi getOrgAdminClient(String str) throws IOException {
        String uniquify = TestIndependenceUtil.uniquify("u-org");
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(uniquify);
        this.ldapCrud.createUsers(new String[]{uniquify});
        Assert.assertTrue(this.suClient.addClusterRoleForPrincipal(kafkaPrincipalString, "OrganizationAdmin", new MdsScope(CloudScope.organizationScope(str))).execute().isSuccessful());
        return V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, uniquify);
    }

    private void checkCreate(V2RbacRestApi v2RbacRestApi, int i, String str, String str2, Scope scope, List<ResourcePattern> list) throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify(str));
        if (list == null) {
            Assert.assertEquals(v2RbacRestApi.addClusterRoleForPrincipal(kafkaPrincipalString, str2, new MdsScope(scope)).execute().code(), i);
        } else {
            Assert.assertEquals(v2RbacRestApi.addRoleResourcesForPrincipal(kafkaPrincipalString, str2, new ResourcesRequest(new MdsScope(scope), list)).execute().code(), i);
        }
    }
}
